CN107113278B - Method, device and system for neighbor establishment
Abstract
An embodiment of the invention discloses a method, device and system for neighbor establishment. Depending on whether the first network device and the second network device have authentication enabled, corresponding authentication information is added to the messages they send to each other. The first network device sends a HELLO message to the second network device; the second network device receives and authenticates the HELLO message and, once authentication passes, responds to the HELLO message with an extended UDL LSP message. The first network device then receives and authenticates the extended UDL LSP message. When the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the neighbor relationship between the two can be established. This process prevents a neighbor relationship from being established when only one end has passed authentication, which overcomes the problem of incomplete authentication during neighbor establishment and improves the security and reliability of neighbor establishment between network devices.
Description
Technical field
The present invention relates to the technical field of computer networks, and more specifically to a method, device and system for neighbor establishment.
Background art
The ISIS (Integrated Intermediate System-to-Intermediate System) protocol is a traditional link-state protocol. Devices running the ISIS protocol establish and maintain neighbor relationships through HELLO messages. To prevent malicious attacks during the establishment of a neighbor relationship, ISIS messages use an authentication mechanism: when authentication is enabled, both parties establishing the neighbor relationship must carry a TLV (type-length-value) used for authentication in their HELLO messages, and an ISIS neighbor relationship is allowed to be established only if authentication passes.
Under normal conditions, two network devices in an ISIS network are bidirectionally connected. In some scenarios, the physical link in one direction fails and the two parties enter a unidirectional-connectivity scenario, which is defined in the unidirectional ISIS protocol. If other non-directly-connected paths exist between the two parties at this time, neighbor information can be transmitted over such a path so that the two network devices can continue to establish and maintain the neighbor relationship. However, when one of the two network devices connected by the unidirectional link has the authentication function enabled and the other does not, the neighbor relationship can still be established normally, which introduces a security risk between the neighbors.
Summary of the invention
In view of this, the embodiments of the present invention aim to provide a method, device and system for neighbor establishment, to overcome the problem in the prior art that, in the unidirectional-link case, authentication is incomplete when network devices establish a neighbor relationship, which introduces a security risk between the neighbors.
To achieve the above object, the embodiments of the present invention provide the following technical solutions:
A first aspect of the embodiments of the present invention discloses a method for neighbor establishment, the method comprising:
The first network device sends a HELLO message to the second network device over a first unidirectional link, the HELLO message carrying first authentication information used to authenticate the first network device, the first unidirectional link being the directly connected link from the first network device to the second network device;
The first network device receives, over a second unidirectional link, an extended unidirectional link (UDL) link state packet (LSP) message from the second network device, the extended UDL LSP message being used to respond to the HELLO message; where the second network device has authentication enabled, the extended UDL LSP message carries second authentication information used to authenticate the second network device, the second unidirectional link being the non-directly-connected link from the second network device to the first network device;
The first network device performs authentication on the extended UDL LSP message and, when the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the first network device establishes the neighbor relationship with the second network device.
In a first implementation of the first aspect of the embodiments of the present invention, the first network device performing authentication on the extended UDL LSP message comprises:
The first network device extracts the second authentication information, carried in the extended UDL LSP message and used to authenticate the second network device, and performs authentication; when the authentication is valid, it obtains the authentication result that both the first network device and the second network device have authentication enabled and authentication passes.
In a second implementation of the first aspect of the embodiments of the present invention, after the first network device sends the HELLO message to the second network device over the first unidirectional link, the method further comprises:
Where the second network device does not have authentication enabled, the first network device receives, over the second unidirectional link, a unidirectional link (UDL) link state packet (LSP) message from the second network device, the UDL LSP message being used to respond to the HELLO message and not carrying second authentication information used to authenticate the second network device, the second unidirectional link being the non-directly-connected link from the second network device to the first network device; the first network device performs authentication on the UDL LSP message and, when it does not detect that the UDL LSP message carries the second authentication information used to authenticate the second network device, does not establish the neighbor relationship with the second network device.
In a third implementation of the first aspect of the embodiments of the present invention, the second authentication information used to authenticate the second network device comprises: authentication information for a broadcast network or authentication information for a point-to-point (P2P) network;
The format of the authentication information for the broadcast network comprises the following fields in order: a Type field for storing the message type, a Length field for storing the message length, an Extended Local Circuit ID field for storing the extended local circuit identifier, an Authentication Type field for storing the authentication type, and an Authentication Value field for storing the authentication information;
The format of the authentication information for the P2P network comprises the following fields in order: a Type field for storing the message type, a Length field for storing the message length, a Neighbor LAN ID field for storing the neighbor link identifier, an Authentication Type field for storing the authentication type, and an Authentication Value field for storing the authentication information.
A second aspect of the embodiments of the present invention discloses a network device, used as a first network device, comprising:
A communication unit, configured to send a HELLO message to a second network device over a first unidirectional link, the HELLO message carrying first authentication information used to authenticate the first network device, and to receive, over a second unidirectional link, an extended unidirectional link (UDL) link state packet (LSP) message from the second network device, the extended UDL LSP message being used to respond to the HELLO message; where the second network device has authentication enabled, the extended UDL LSP message carries second authentication information used to authenticate the second network device; the first unidirectional link is the directly connected link from the first network device to the second network device, and the second unidirectional link is the non-directly-connected link from the second network device to the first network device;
A processor, configured to perform authentication on the extended UDL LSP message and, when the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, establish the neighbor relationship between the first network device and the second network device.
In a first implementation of the second aspect of the embodiments of the present invention, the processor configured to perform authentication on the extended UDL LSP message comprises:
The processor, configured to extract the second authentication information, carried in the extended UDL LSP message and used to authenticate the second network device, and perform authentication; when the authentication is valid, to obtain the authentication result that both the first network device and the second network device have authentication enabled and authentication passes.
In a second implementation of the second aspect of the embodiments of the present invention, where the second network device does not have authentication enabled, the network device further comprises:
The communication unit, configured to receive, over the second unidirectional link, a unidirectional link (UDL) link state packet (LSP) message from the second network device, the UDL LSP message being used to respond to the HELLO message and not carrying second authentication information used to authenticate the second network device, the second unidirectional link being the non-directly-connected link from the second network device to the first network device;
The processor, configured to perform authentication on the UDL LSP message and, when it does not detect that the UDL LSP message carries the second authentication information used to authenticate the second network device, not establish the neighbor relationship with the second network device.
A third aspect of the embodiments of the present invention discloses a method for neighbor establishment, the method comprising:
The second network device receives, over a first unidirectional link, a HELLO message from the first network device, the HELLO message carrying first authentication information used to authenticate the first network device, the first unidirectional link being the directly connected link from the first network device to the second network device;
Where the second network device has authentication enabled, the second network device receives the HELLO message over the first unidirectional link and authenticates it and, when authentication passes, sends an extended unidirectional link (UDL) link state packet (LSP) message to the first network device over a second unidirectional link, the extended UDL LSP message being used to respond to the HELLO message and carrying second authentication information used to authenticate the second network device; the first network device performs authentication on the extended UDL LSP message and, where the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the neighbor relationship with the first network device is established;
The second unidirectional link is the non-directly-connected link from the second network device to the first network device.
In a first implementation of the third aspect of the embodiments of the present invention, the method further comprises:
Where the second network device does not have authentication enabled, the second network device sends a unidirectional link (UDL) link state packet (LSP) message to the first network device over the second unidirectional link, the UDL LSP message not carrying second authentication information used to authenticate the second network device; the first network device performs authentication on the UDL LSP message and, where the first network device does not detect that the UDL LSP message carries the second authentication information used to authenticate the second network device, the neighbor relationship with the first network device is not established.
In a second implementation of the third aspect of the embodiments of the present invention, where the second network device has authentication enabled, the second network device receiving the HELLO message over the first unidirectional link and authenticating it comprises:
The second network device receives, over the first unidirectional link, the HELLO message carrying the first authentication information used to authenticate the first network device, extracts the first authentication information and authenticates the HELLO message;
When the authentication is valid, it confirms that authentication passes;
When the authentication is invalid, it confirms that authentication does not pass, and the neighbor relationship with the first network device is not established.
In a third implementation of the third aspect of the embodiments of the present invention, where the second network device has authentication enabled and the first network device does not, the method further comprises:
The second network device receives, over the first unidirectional link, a HELLO message sent by the first network device that does not carry first authentication information used to authenticate the first network device, and authenticates it; when the first authentication information cannot be extracted, it confirms that authentication does not pass and discards the HELLO message.
In a fourth implementation of the third aspect of the embodiments of the present invention, sending the extended unidirectional link (UDL) link state packet (LSP) message to the first network device over the second unidirectional link, the extended UDL LSP message being used to respond to the HELLO message and carrying the second authentication information used to authenticate the second network device, comprises:
The second network device adds the second authentication information to the extended UDL LSP message and sends the extended UDL LSP message to the first network device over the second unidirectional link;
Or, the second network device adds the second authentication information to the extended UDL LSP message in encrypted form and sends the extended UDL LSP message to the first network device over the second unidirectional link.
In a fifth implementation of the third aspect of the embodiments of the present invention, the second authentication information of the second network device comprises: authentication information for a broadcast network or authentication information for a point-to-point (P2P) network;
The format of the authentication information for the broadcast network comprises the following fields in order: a Type field for storing the message type, a Length field for storing the message length, an Extended Local Circuit ID field for storing the extended local circuit identifier, an Authentication Type field for storing the authentication type, and an Authentication Value field for storing the authentication information;
The format of the authentication information for the P2P network comprises the following fields in order: a Type field for storing the message type, a Length field for storing the message length, a Neighbor LAN ID field for storing the neighbor link identifier, an Authentication Type field for storing the authentication type, and an Authentication Value field for storing the authentication information.
A fourth aspect of the embodiments of the present invention discloses a network device, used as a second network device, comprising:
A communication unit, configured to receive, over a first unidirectional link, a HELLO message sent by a first network device, the HELLO message carrying first authentication information used to authenticate the first network device, the first unidirectional link being the directly connected link from the first network device to the second network device;
A processor, configured to, where the second network device has authentication enabled, authenticate the HELLO message carrying the first authentication information used to authenticate the first network device and, when authentication passes, send an extended unidirectional link (UDL) link state packet (LSP) message to the first network device over a second unidirectional link, the extended UDL LSP message being used to respond to the HELLO message and carrying second authentication information used to authenticate the second network device; the first network device performs authentication on the extended UDL LSP message and, where the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the neighbor relationship with the first network device is established;
The second unidirectional link is the non-directly-connected link from the second network device to the first network device.
In a first implementation of the fourth aspect of the embodiments of the present invention, where the second network device does not have authentication enabled, the network device further comprises:
The processor, configured to send a unidirectional link (UDL) link state packet (LSP) message to the first network device over the second unidirectional link, the UDL LSP message not carrying second authentication information used to authenticate the second network device; the first network device performs authentication on the UDL LSP message and, where the first network device does not detect that the UDL LSP message carries the second authentication information used to authenticate the second network device, the neighbor relationship with the first network device is not established.
In a second implementation of the fourth aspect of the embodiments of the present invention, the processor configured to authenticate the HELLO message carrying the first authentication information used to authenticate the first network device comprises:
The processor, configured to extract the first authentication information from the HELLO message carrying the first authentication information used to authenticate the first network device, and to authenticate the HELLO message using the first authentication information; when the authentication is valid, to confirm that authentication passes; when the authentication is invalid, to confirm that authentication does not pass, in which case the neighbor relationship with the first network device is not established.
In a third implementation of the fourth aspect of the embodiments of the present invention, where the second network device has authentication enabled and the first network device does not, the network device further comprises:
The communication unit, configured to receive, over the first unidirectional link, a HELLO message sent by the first network device, the HELLO message not carrying first authentication information used to authenticate the first network device, the first unidirectional link being the directly connected link from the first network device to the second network device;
The processor, configured to authenticate the HELLO message that does not carry the first authentication information used to authenticate the first network device and, when the first authentication information cannot be extracted, to confirm that authentication does not pass and discard the HELLO message.
In a fourth implementation of the fourth aspect of the embodiments of the present invention, the processor configured to send the extended unidirectional link (UDL) link state packet (LSP) message to the first network device over the second unidirectional link, the extended UDL LSP message being used to respond to the HELLO message and carrying the second authentication information used to authenticate the second network device, comprises:
The processor, configured to add the second authentication information to the extended UDL LSP message and send the extended UDL LSP message to the first network device over the second unidirectional link, or to add the second authentication information to the extended UDL LSP message in encrypted form and send the extended UDL LSP message to the first network device over the second unidirectional link.
A fifth aspect of the embodiments of the present invention discloses a system for neighbor establishment, the system comprising: the network device used as a first network device disclosed in the second aspect of the embodiments of the present invention, the network device used as a second network device disclosed in the fourth aspect of the embodiments of the present invention, and a physical link connecting the first network device and the second network device, the physical link comprising a first unidirectional link from the first network device to the second network device and a second unidirectional link from the second network device to the first network device, the first unidirectional link being a directly connected link and the second unidirectional link being a non-directly-connected link.
As can be seen from the above technical solutions, compared with the prior art, the embodiments of the present invention disclose a method, device and system for neighbor establishment. They specify the behavior of the two neighbors when the link state shows that the physical link at one end is disconnected and both parties enter the UDL scenario. In this method, depending on whether the first network device and the second network device have authentication enabled, corresponding authentication information is added to the messages they send to each other. If both parties have authentication enabled, the first network device sends a HELLO message to the second network device, and the second network device authenticates the received HELLO message; once authentication passes, the second network device responds to the HELLO message with an extended UDL LSP message carrying second authentication information used to authenticate the second network device. The first network device then receives and authenticates the extended UDL LSP message and, when the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the neighbor relationship can be established between the first network device and the second network device. The method disclosed in the embodiments of the present invention prevents a neighbor relationship from being established when only one end has passed authentication, thereby overcoming the problem of incomplete authentication during neighbor establishment and improving the security and reliability of neighbor establishment between network devices.
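The following sketch is an added example, not code from the patent: it builds and parses the broadcast-network authentication format listed above (Type, Length, Extended Local Circuit ID, Authentication Type, Authentication Value) and applies the decision rules of both devices. The type codes, the field widths, the HMAC-SHA256 Authentication Value over the message payload, the shared key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Assumptions, not taken from the patent: the two codes below, 1-byte Type and
# Length, a 4-byte Extended Local Circuit ID, and an HMAC-SHA256 Authentication
# Value computed over the message payload with a pre-shared key.
AUTH_TLV_TYPE = 0xF0
AUTH_TYPE_HMAC_SHA256 = 0x01
HEADER = struct.Struct("!IB")  # Extended Local Circuit ID, Authentication Type


def build_auth_tlv(circuit_id: int, key: bytes, payload: bytes) -> bytes:
    """Type | Length | Extended Local Circuit ID | Auth Type | Auth Value."""
    value = hmac.new(key, payload, hashlib.sha256).digest()
    body = HEADER.pack(circuit_id, AUTH_TYPE_HMAC_SHA256) + value
    return bytes([AUTH_TLV_TYPE, len(body)]) + body


def find_auth_tlv(tlvs: bytes) -> Optional[Tuple[int, int, bytes]]:
    """Walk a TLV stream; return (circuit_id, auth_type, auth_value) or None."""
    offset = 0
    while offset < len(tlvs):
        if offset + 2 > len(tlvs):
            raise ValueError("truncated TLV header")
        tlv_type, length = tlvs[offset], tlvs[offset + 1]
        value = tlvs[offset + 2 : offset + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length exceeds message")
        if tlv_type == AUTH_TLV_TYPE:
            if length <= HEADER.size:
                raise ValueError("authentication TLV too short")
            circuit_id, auth_type = HEADER.unpack_from(value)
            return circuit_id, auth_type, value[HEADER.size:]
        offset += 2 + length
    return None


def verify(payload: bytes, tlvs: bytes, key: bytes) -> str:
    """Classify the authentication information as 'missing', 'invalid' or 'ok'."""
    try:
        found = find_auth_tlv(tlvs)
    except ValueError:
        return "invalid"
    if found is None:
        return "missing"
    _, auth_type, auth_value = found
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if auth_type != AUTH_TYPE_HMAC_SHA256:
        return "invalid"
    return "ok" if hmac.compare_digest(auth_value, expected) else "invalid"


def second_device_reply(hello_payload, hello_tlvs, auth_enabled, key):
    """Second device: authenticate the HELLO, then answer with a UDL LSP.

    Returns (payload, tlvs) of the reply, or None when the HELLO is discarded.
    """
    if auth_enabled and verify(hello_payload, hello_tlvs, key) != "ok":
        return None  # first authentication information missing or invalid
    payload = b"UDL-LSP neighbor-info"  # constructed sample payload
    # Only an authentication-enabled device sends the *extended* UDL LSP.
    tlvs = build_auth_tlv(2, key, payload) if auth_enabled else b""
    return payload, tlvs


def first_device_accepts(reply, key) -> bool:
    """First device: establish only if the reply carries valid second auth info."""
    if reply is None:
        return False
    payload, tlvs = reply
    return verify(payload, tlvs, key) == "ok"


def handshake(first_key, second_key, first_auth=True, second_auth=True) -> bool:
    """Run HELLO -> UDL LSP once; True means the neighbor relationship is set up."""
    hello_payload = b"HELLO from first device"  # constructed sample payload
    hello_tlvs = build_auth_tlv(1, first_key, hello_payload) if first_auth else b""
    reply = second_device_reply(hello_payload, hello_tlvs, second_auth, second_key)
    return first_device_accepts(reply, first_key)


if __name__ == "__main__":
    print("both enabled, same key:", handshake(b"k", b"k"))
    print("second device not enabled:", handshake(b"k", b"k", second_auth=False))
    print("first device not enabled:", handshake(b"k", b"k", first_auth=False))
```

The one-sided case from the background section (authentication enabled on only one end) returns False in both directions here, because a reply without the authentication TLV is treated as a failure rather than as "nothing to check".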
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Evidently, the drawings described below are merely embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a schematic diagram of the physical links over which the IS-T end and the IS-R end establish a neighbor relationship in the prior art and in the present invention;
Fig. 2 is a flowchart of a neighbor establishment method disclosed in Embodiment 1 of the present invention;
Fig. 3 is a flowchart of a neighbor establishment method disclosed in Embodiment 2 of the present invention;
Fig. 4 is a flowchart of a neighbor establishment method disclosed in Embodiment 3 of the present invention;
Fig. 5 is a schematic diagram of the format of the authentication information for a broadcast network disclosed in the embodiments of the present invention;
Fig. 6 is a schematic diagram of the format of the authentication information for a point-to-point (P2P) network disclosed in the embodiments of the present invention;
Fig. 7 is a flowchart of a neighbor establishment method disclosed in Example 1 of the present invention;
Fig. 8 is a flowchart of a neighbor establishment method disclosed in Example 2 of the present invention;
Fig. 9 is a flowchart of a neighbor establishment method disclosed in Example 3 of the present invention;
Fig. 10 is a structural schematic diagram of a neighbor establishment system disclosed in Embodiment 3 of the present invention.
Detailed description of the embodiments
For ease of reference and clarity, the technical terms, shorthand and abbreviations used below are summarized as follows:
ISIS: Integrated Intermediate System-to-Intermediate System;
UDL: Unidirectional Links;
IS-T: The IS at the Transmit End of a UDL Link, the transmit-end router of a unidirectional link;
IS-R: The IS at the Receive End of a UDL Link, the receive-end router of a unidirectional link;
HELLO message: used to establish and maintain IS-IS adjacencies; a router periodically sends Hello packets to neighboring routers at the hello interval;
TLV: type-length-value, a message format commonly used in ISIS networks, usually referring to an optional variable-length field of routing information. The type field stores the message type and the length field stores the message length; the lengths of the type and length fields are usually fixed. The value field stores the specific content of the message, has variable length, and may contain one or more TLV-type fields;
SUB TLV: the value field in a TLV can be divided, in a similar format, into a subtype, a subtype message length and a subtype message content field. The SUB type, SUB value length and SUB value fields are collectively called a SUB TLV, where SUB type indicates the type of the SUB value field, SUB value length indicates the length of the SUB value field in bytes, and SUB value indicates the protocol content of the SUB TLV field;
LSP: Link-State Packet;
UDL TLV: The TLV with UDL Information, a TLV carrying UDL information;
UDL LSP: The LSP with UDL-TLV, an LSP carrying a UDL TLV.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the embodiments of the present invention.
As can be seen from the background, in the prior art the unidirectional ISIS protocol defines a UDL LSP. The UDL LSP carrying neighbor information is flooded from the IS-R end, as shown in Fig. 1, over the physical link through R3, R4 and R5 to the IS-T end, so that the neighbor information of IS-R reaches IS-T and a neighbor relationship is established between IS-T and IS-R. In the prior art, in the UDL scenario, IS-R carries the neighbor information back to IS-T in a UDL LSP. When IS-T performs its check under the current unidirectional ISIS protocol, it only checks and authenticates the LSP transmitted over the unidirectional link and does not further check whether the IS-R port that sent the response message has authentication enabled; if LSP authentication passes, neighbor establishment between IS-T and IS-R is allowed.
That is, in the prior art, in the unidirectional link (UDL) scenario, when the UDL interface at the IS-T end has authentication enabled and the interface at the IS-R end does not, neighbor establishment between IS-T and IS-R should not be allowed, yet the neighbor relationship is still established normally, which introduces a back-door security risk.
Therefore, the embodiments of the present invention provide a method, apparatus and system for neighbor establishment. With the method disclosed in the embodiments, corresponding authentication information is added to the messages that the first network device and the second network device send to each other over different unidirectional links, according to whether each of them has authentication enabled. This avoids the case where the neighbor relationship between the two sides can be established when only one end passes authentication, thereby overcoming the problem of incomplete authentication during neighbor establishment and improving security and reliability when neighbors are established between routers. The detailed process is described in the following embodiments of the present invention.
Embodiment one
Fig. 2 is a flowchart of a neighbor establishment method disclosed in Embodiment one of the present invention. In the case where both neighbors enter the UDL scenario, the method mainly comprises the following steps:
Step S101: the first network device sends a HELLO message to the second network device over the first unidirectional link;
In step S101, the HELLO message that the first network device sends to the second network device over the first unidirectional link carries a first authentication information TLV for authenticating the first network device. The first unidirectional link is the directly connected link from the first network device to the second network device.
The first network device and the second network device mentioned in the embodiments of the present invention may be network devices such as routers or switches.
Step S102: the first network device receives an extended UDL LSP message sent by the second network device over the second unidirectional link, the extended UDL LSP message being used to respond to the HELLO message;
In step S102, the second network device receives the HELLO message over the first unidirectional link and, according to whether it has authentication enabled, sends a UDL LSP message responding to the HELLO message to the first network device over the second unidirectional link. The second unidirectional link is the non-directly-connected link from the second network device to the first network device.
The UDL LSP message is a link state packet (LSP) carrying a UDL TLV, and contains the neighbor information sent to the first network device. The UDL TLV is the authentication information TLV that carries unidirectional link (UDL) information. Whether a second authentication information SUB TLV for authenticating the second network device is added to the UDL TLV depends on whether the second network device has authentication enabled.
When the second network device has authentication enabled, the SUB TLV is added; otherwise it is not added.
That is, when the second network device has authentication enabled, the UDL LSP message that the first network device receives in step S102, sent by the second network device over the second unidirectional link in response to the HELLO message, is an extended UDL LSP message, which carries the second authentication information SUB TLV for authenticating the second network device.
Step S103: the first network device authenticates the extended UDL LSP message; when the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the first network device establishes a neighbor relationship with the second network device.
In step S103, if the authentication result obtained is that both the first network device and the second network device have authentication enabled and authentication passes, the first network device can establish the neighbor relationship with the second network device. Establishing the neighbor relationship only after both ends have enabled authentication and authentication has passed avoids the case where the neighbor relationship between the two sides can be established when only one end has authentication enabled and passes authentication, thereby overcoming the problem of incomplete authentication during neighbor establishment and improving security and reliability when neighbors are established between network devices.
Embodiment two
Fig. 3 is a flowchart of another neighbor establishment method, disclosed in Embodiment two of the present invention. In the case where both neighbors enter the UDL scenario, the method mainly comprises the following steps:
Step S201: the second network device receives a HELLO message from the first network device over the first unidirectional link, the HELLO message carrying a first authentication information TLV for authenticating the first network device;
In step S201, the first unidirectional link is the directly connected link from the first network device to the second network device.
Step S202: when the second network device has authentication enabled, the second network device receives the HELLO message over the first unidirectional link and authenticates it; when authentication passes, it sends an extended UDL LSP message to the first network device over the second unidirectional link. The extended UDL LSP message is used to respond to the HELLO message and carries a second authentication information SUB-TLV for authenticating the second network device.
In step S202, after the second network device sends the extended UDL LSP message to the first network device over the second unidirectional link, the first network device authenticates the extended UDL LSP message and, when the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the neighbor relationship with the first network device is established.
The second unidirectional link is the non-directly-connected link from the second network device to the first network device.
The extended UDL LSP message is a link state packet (LSP) carrying the UDL TLV, and contains the neighbor information sent to the first network device. The UDL-TLV is the authentication information TLV that carries unidirectional link (UDL) information; when the second network device has authentication enabled, the second authentication information SUB TLV for authenticating the second network device is added to the UDL TLV.
In the neighbor establishment method disclosed in this embodiment of the present invention, after the second network device receives the HELLO message sent by the first network device over the first unidirectional link, and if it has itself enabled authentication, it confirms that the first network device has also enabled authentication and has passed authentication, and then sends to the first network device, over the second unidirectional link, the extended UDL LSP message carrying its own second authentication information SUB-TLV. The first network device authenticates the extended UDL LSP message. If the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the second network device can establish the neighbor relationship with the first network device. Establishing the neighbor relationship only after both ends have enabled authentication and authentication has passed avoids the case where the neighbor relationship between the two sides can be established when only one end has authentication enabled and passes authentication, thereby overcoming the problem of incomplete authentication during neighbor establishment and improving security and reliability when neighbors are established between network devices.
Embodiment three
Fig. 4 is a flowchart of a neighbor establishment method disclosed in an embodiment of the present invention. When both neighbors enter the UDL scenario, the method mainly comprises the following steps:
Step S301: the first network device sends a HELLO message to the second network device over the first unidirectional link;
In step S301, whether the HELLO message that the first network device sends to the second network device over the first unidirectional link carries the first authentication information TLV for authenticating the first network device depends on whether the first network device has authentication enabled;
When the first network device has authentication enabled, the HELLO message carries the first authentication information TLV for authenticating the first network device;
When the first network device does not have authentication enabled, the HELLO message does not carry the first authentication information TLV for authenticating the first network device.
Step S302: if the second network device has authentication enabled, the second network device receives the HELLO message over the first unidirectional link and authenticates it; when authentication passes, the second network device sends an extended UDL LSP message to the first network device over the second unidirectional link, the extended UDL LSP message being used to respond to the HELLO message and carrying the second authentication information for authenticating the second network device; when authentication does not pass, the HELLO message is discarded;
During execution of step S302, if the second network device has authentication enabled, it receives the HELLO message and authenticates it. The authentication process is to extract the first authentication information TLV and authenticate the HELLO message as a whole. When the message is judged legitimate, authentication is confirmed as passed, and the second network device sends to the first network device, over the second unidirectional link, the extended UDL LSP message responding to the HELLO message; the extended UDL LSP message carries the second authentication information SUB TLV for authenticating the second network device. When authentication does not pass, or the first authentication information TLV cannot be extracted to authenticate the HELLO message as a whole, the second network device directly discards the HELLO message, does not send any response message to the first network device, and does not establish a neighbor relationship between the second network device and the first network device;
If instead the second network device does not have authentication enabled, it sends a UDL LSP message to the first network device over the second unidirectional link, and this UDL LSP message does not carry the second authentication information SUB TLV for authenticating the second network device.
In step S302, the UDL LSP message is a link state packet (LSP) carrying the UDL TLV, and contains the neighbor information sent to the first network device. The UDL TLV is the authentication information TLV that carries unidirectional link (UDL) information. Whether the authentication information SUB TLV for authenticating the second network device is added to the UDL LSP depends on whether the second network device has authentication enabled. When the second network device has authentication enabled, the second authentication information SUB TLV for authenticating the second network device is added to the UDL TLV, which extends the UDL LSP message and yields the extended UDL LSP message;
When the second network device does not have authentication enabled, the second authentication information SUB-TLV for authenticating the second network device is not added to the UDL TLV, and the UDL LSP message is not extended.
Step S303: the first network device receives the extended UDL LSP over the second unidirectional link and authenticates it; when the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the neighbor relationship between the first network device and the second network device is established.
In step S303, after receiving the extended UDL LSP message over the second unidirectional link, the first network device authenticates the extended UDL LSP message. In addition to the LSP authentication defined by the protocol itself, the UDL TLV is also authenticated. With authentication enabled, if the first network device's authentication of the extended UDL LSP message passes, it is determined that both the first network device and the second network device have authentication enabled and that authentication passes, and the first network device establishes the neighbor relationship with the second network device.
The authentication process is to extract the second authentication information SUB TLV for authenticating the second network device, carried in the extended UDL LSP message, and to authenticate the UDL TLV as a whole.
During execution of step S303, when both the first network device and the second network device have authentication enabled and authentication is confirmed as passed, the first network device and the second network device are allowed to establish the neighbor relationship.
In the neighbor establishment method disclosed in this embodiment of the present invention, corresponding authentication information is added to the messages that the first network device and the second network device send to each other over different unidirectional links, according to whether each of them has authentication enabled. In particular, when it is detected in the current link state that the physical link at one end is disconnected, the extended UDL LSP, to which the second authentication information SUB TLV for authenticating the second network device has been added, is used to respond to the HELLO message sent by the first network device. During the handshake interaction between the first network device and the second network device, the first network device authenticates the extended UDL LSP message after receiving it; when the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the neighbor relationship between the first network device and the second network device is established. The method disclosed in this embodiment avoids the case where, with authentication enabled at both ends, the neighbor relationship between the two sides can be established when only one end passes authentication, thereby overcoming the problem of incomplete authentication when neighbors are established between network devices and improving security and reliability when neighbors are established between network devices.
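The exchange in steps S301 to S303, modelled as an added Python example that is not part of the patent text. The Device, Hello and UdlLsp names, the HMAC-SHA256 tag standing in for the authentication information, and the legacy flag (a simplified model of the prior-art check described in the background) are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def tag(key: bytes, payload: bytes) -> bytes:
    # Stand-in for the authentication information; a keyed digest is an assumption.
    return hmac.new(key, payload, hashlib.sha256).digest()


@dataclass
class Hello:
    payload: bytes
    auth_tlv: Optional[bytes]      # first authentication information TLV, or None


@dataclass
class UdlLsp:
    udl_tlv: bytes                 # neighbor information carried back to the sender
    auth_sub_tlv: Optional[bytes]  # second authentication information SUB TLV, or None


@dataclass
class Device:
    name: str
    auth_enabled: bool
    key: bytes = b""

    def send_hello(self) -> Hello:
        """S301: the HELLO carries the auth TLV only if authentication is enabled."""
        payload = b"HELLO from " + self.name.encode()
        return Hello(payload, tag(self.key, payload) if self.auth_enabled else None)

    def answer_hello(self, hello: Hello) -> Optional[UdlLsp]:
        """S302: authenticate the HELLO, then answer with a (possibly extended) UDL LSP."""
        udl_tlv = b"neighbor=" + hello.payload
        if not self.auth_enabled:
            return UdlLsp(udl_tlv, None)          # plain UDL LSP, no SUB TLV
        expected = tag(self.key, hello.payload)
        if hello.auth_tlv is None or not hmac.compare_digest(hello.auth_tlv, expected):
            return None                           # discard the HELLO, send no response
        return UdlLsp(udl_tlv, tag(self.key, udl_tlv))  # extended UDL LSP

    def accept_lsp(self, lsp: UdlLsp) -> bool:
        """S303: establish only if the SUB TLV is present and verifies."""
        if not self.auth_enabled or lsp.auth_sub_tlv is None:
            return False
        return hmac.compare_digest(lsp.auth_sub_tlv, tag(self.key, lsp.udl_tlv))


def handshake(first: Device, second: Device, legacy: bool = False) -> bool:
    """Return True if the neighbor relationship is established.

    legacy=True models the prior-art check in simplified form: any UDL LSP that
    arrives is accepted without looking for the peer's authentication SUB TLV.
    """
    if not (first.auth_enabled or second.auth_enabled):
        raise ValueError("the case where neither side enables authentication is not modelled")
    lsp = second.answer_hello(first.send_hello())
    if lsp is None:
        return False
    return True if legacy else first.accept_lsp(lsp)


if __name__ == "__main__":
    key = b"constructed-shared-key"   # constructed sample value
    cases = {
        "both enabled": (Device("R1", True, key), Device("R2", True, key)),
        "first only": (Device("R1", True, key), Device("R2", False)),
        "second only": (Device("R1", False), Device("R2", True, key)),
        "keys differ": (Device("R1", True, b"other-key"), Device("R2", True, key)),
    }
    for label, (first, second) in cases.items():
        print(label, handshake(first, second))
```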
Embodiment four
Based on the neighbor establishment method disclosed in the embodiments of the present invention, in step S301 shown in Fig. 4 the first network device sends a HELLO message to the second network device over the first unidirectional link. Whether the HELLO message carries the first authentication information TLV for authenticating the first network device depends on whether the first network device has authentication enabled. Specifically, when the first network device sends the HELLO message to the second network device, the following cases apply:
First case: when the first network device does not have authentication enabled, the first network device sends to the second network device a HELLO message that does not carry the first authentication information TLV for authenticating the first network device;
Second case: when the first network device has authentication enabled, the first network device fills the information of the enabled authentication into the first authentication information TLV, so that the HELLO message carries the first authentication information TLV for authenticating the first network device. The first network device sends the HELLO message carrying the first authentication information TLV for authenticating the first network device to the second network device over the first unidirectional link.
Based on the neighbor establishment method disclosed in Embodiment one of the present invention, in step S302 shown in Fig. 4, if the second network device has authentication enabled, the second network device receives the HELLO message over the first unidirectional link and authenticates it; when authentication passes, the second network device sends an extended UDL LSP message to the first network device over the second unidirectional link, the extended UDL LSP message being used to respond to the HELLO message. The extended UDL LSP message carries the second authentication information for authenticating the second network device; when authentication does not pass, the HELLO message is discarded.
When the second network device has authentication enabled, the second network device sends the extended UDL LSP message to the first network device. The extended UDL LSP message is used to respond to the HELLO message and carries the second authentication information SUB-TLV for authenticating the second network device. It should be noted here that the second network device can add the second authentication information SUB-TLV in two ways: plaintext and ciphertext.
In the plaintext mode, the information of the enabled authentication is filled directly into the second authentication information SUB TLV, and the second authentication information SUB TLV is added to the UDL TLV. In the ciphertext mode, the information of the enabled authentication (if an encrypted value needs to be calculated over the message, only the encrypted value of the UDL TLV is calculated) is filled into the second authentication information SUB TLV, and the SUB TLV is then added to the UDL TLV, so that the UDL LSP message carrying the UDL TLV also carries the second authentication information SUB-TLV for authenticating the second network device, forming the extended UDL LSP message.
The second network device uses the extended UDL LSP message carrying the second authentication information SUB TLV for authenticating the second network device to respond to the HELLO message. It should be noted that the embodiments of the present invention allow many ways of adding authentication information and are not limited to the above; encryption methods such as MD5 or keychain may also be used, with the authentication information computed over the entire UDL TLV being added to the second authentication information SUB TLV.
In a specific application, the second authentication information SUB TLV includes the authentication information SUB-TLV of a broadcast network or of a point-to-point (P2P) network, defined as follows:
The format of the authentication information SUB-TLV of a broadcast network is shown in Fig. 5 and comprises the following fields in order: a one-byte field for storing the message type (Type); a one-byte field for storing the message length (Length); a field, of length nib, for storing the extended local circuit identifier (Extended Local Circuit ID); a one-byte field for storing the authentication type (Authentication Type); and a field with reserved space for storing the authentication information (Authentication Value);
The format of the authentication information SUB-TLV of a point-to-point (P2P) network is shown in Fig. 6 and comprises the following fields in order: a one-byte field for storing the message type (Type); a one-byte field for storing the message length (Length); a field for storing the neighbor link identifier (Neighbor LAN ID), whose length is the sum of the identifier length and one byte; a one-byte field for storing the authentication type (Authentication Type); and a field with reserved space for storing the authentication information (Authentication Value).
It should be noted that the number of bytes occupied by each field in the above broadcast-network authentication information SUB-TLV and P2P authentication information SUB-TLV is only the example given in the embodiments of the present invention; the bytes occupied by each field may be allocated differently and are not fixed.
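The broadcast-network authentication SUB-TLV layout above, packed into a UDL TLV and verified on receipt, as an added Python example that is not part of the patent text. The type codes, the 4-byte Extended Local Circuit ID width, the HMAC-MD5 keyed digest and the convention of zeroing the Authentication Value before hashing are assumptions for illustration; the text only states that the value is computed over the entire UDL TLV.

```python
import hashlib
import hmac
import struct

# All numeric codes below are constructed for this example, not taken from the patent.
UDL_TLV_TYPE = 0xF0        # hypothetical UDL TLV type code
NEIGHBOR_SUBTLV_TYPE = 0x02  # hypothetical SUB-TLV carrying neighbor information
AUTH_SUBTLV_TYPE = 0x01    # hypothetical authentication SUB-TLV type code
AUTH_CLEARTEXT = 1         # Authentication Type: plaintext
AUTH_HMAC_MD5 = 54         # Authentication Type: keyed MD5 digest
CIRCUIT_ID_LEN = 4         # assumed width of Extended Local Circuit ID
MD5_LEN = 16


def pack_tlv(tlv_type: int, value: bytes) -> bytes:
    """Type (1 byte), Length (1 byte), Value."""
    if len(value) > 255:
        raise ValueError("value does not fit a one-byte length field")
    return struct.pack("!BB", tlv_type, len(value)) + value


def build_auth_subtlv(circuit_id: int, auth_type: int, auth_value: bytes) -> bytes:
    """Type, Length, Extended Local Circuit ID, Authentication Type, Authentication Value."""
    return pack_tlv(AUTH_SUBTLV_TYPE, struct.pack("!IB", circuit_id, auth_type) + auth_value)


def build_udl_tlv(neighbor_info: bytes, circuit_id: int, key: bytes,
                  auth_type: int = AUTH_HMAC_MD5) -> bytes:
    """neighbor_info is an already-encoded run of SUB-TLVs; the auth SUB-TLV goes last."""
    if auth_type == AUTH_CLEARTEXT:
        return pack_tlv(UDL_TLV_TYPE, neighbor_info + build_auth_subtlv(circuit_id, auth_type, key))
    # Digest mode: hash the whole UDL TLV with a zeroed value, then fill the digest in.
    zeroed = build_auth_subtlv(circuit_id, auth_type, bytes(MD5_LEN))
    unsigned = pack_tlv(UDL_TLV_TYPE, neighbor_info + zeroed)
    return unsigned[:-MD5_LEN] + hmac.new(key, unsigned, hashlib.md5).digest()


def iter_subtlvs(value: bytes):
    """Yield (type, value_offset, length) per SUB-TLV; raise on truncation or overrun."""
    pos = 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated SUB-TLV header")
        sub_type, sub_len = value[pos], value[pos + 1]
        if pos + 2 + sub_len > len(value):
            raise ValueError("SUB-TLV length overruns the UDL TLV")
        yield sub_type, pos + 2, sub_len
        pos += 2 + sub_len


def verify_udl_tlv(tlv: bytes, key: bytes) -> bool:
    """True only if an authentication SUB-TLV is present and authenticates the whole TLV."""
    if len(tlv) < 2 or tlv[0] != UDL_TLV_TYPE or tlv[1] != len(tlv) - 2:
        return False
    value = tlv[2:]
    try:
        subs = list(iter_subtlvs(value))
    except ValueError:
        return False
    for sub_type, off, length in subs:
        if sub_type != AUTH_SUBTLV_TYPE:
            continue
        if length < CIRCUIT_ID_LEN + 1:
            return False
        auth_type = value[off + CIRCUIT_ID_LEN]
        auth_off = off + CIRCUIT_ID_LEN + 1
        auth_value = value[auth_off:off + length]
        if auth_type == AUTH_CLEARTEXT:
            return hmac.compare_digest(auth_value, key)
        if auth_type == AUTH_HMAC_MD5 and len(auth_value) == MD5_LEN:
            start = 2 + auth_off  # offset of the digest within the full TLV
            zeroed = tlv[:start] + bytes(MD5_LEN) + tlv[start + MD5_LEN:]
            return hmac.compare_digest(auth_value, hmac.new(key, zeroed, hashlib.md5).digest())
        return False
    return False  # no authentication SUB-TLV: the sender did not enable authentication


if __name__ == "__main__":
    key = b"constructed-key"  # constructed sample values
    neighbor = pack_tlv(NEIGHBOR_SUBTLV_TYPE, bytes.fromhex("000000000005"))
    tlv = build_udl_tlv(neighbor, circuit_id=7, key=key)
    print(tlv.hex(), verify_udl_tlv(tlv, key))
```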
Embodiments one to three of the present invention concern whether the second network device and the first network device have authentication enabled, and the processing that the first network device and the second network device each perform according to their respective authentication-enable situations. The neighbor establishment method disclosed in the embodiments of the present invention is further explained through the following examples, according to the respective execution processes when the authentication-enable states of the first network device and the second network device differ.
Example one
When both the first network device and the second network device have authentication enabled, the neighbor establishment process between the first network device and the second network device is as shown in Fig. 7 and mainly comprises the following steps:
Step S401: the first network device sends to the second network device, over the first unidirectional link, a HELLO message carrying the first authentication information TLV for authenticating the first network device;
The first unidirectional link is the directly connected link from the first network device to the second network device;
Step S402: the second network device receives, over the first unidirectional link, the HELLO message carrying the first authentication information TLV for authenticating the first network device and authenticates it; when authentication passes, the second network device sends an extended UDL LSP message to the first network device over the second unidirectional link, the extended UDL LSP message carrying the second authentication information SUB TLV for authenticating the second network device; when authentication does not pass, the HELLO message is discarded;
The second unidirectional link is the non-directly-connected link from the second network device to the first network device;
During execution of step S402, the second network device receives, over the first unidirectional link, the HELLO message carrying the first authentication information TLV for authenticating the first network device and authenticates it. The authentication process is to extract the first authentication information TLV and authenticate the HELLO message as a whole. When the message is found legitimate, authentication is confirmed as passed; when it is found illegitimate, authentication is confirmed as not passed, and the neighbor relationship with the first network device is not established.
After authentication passes, the second network device sends the extended unidirectional link (UDL) link state packet (LSP) message to the first network device over the second unidirectional link. The extended UDL LSP message is used to respond to the HELLO message and carries the second authentication information for authenticating the second network device.
It should be noted that in this example the first network device has authentication enabled, but disguised authentication information may also exist. Disguised authentication information cannot pass authentication of the entire HELLO message, so when the second network device has authentication enabled the HELLO message still needs to be discarded; the embodiments of the present invention do not describe this further. The embodiments of the present invention focus on the case where both the first network device and the second network device have correctly enabled authentication.
Step S403: the first network device receives, over the second unidirectional link, the extended UDL LSP message carrying the second authentication information SUB-TLV for authenticating the second network device and authenticates it; when the message is found legitimate, authentication passes, and the first network device establishes the neighbor relationship with the second network device.
During execution of step S403, the first network device extracts the UDL TLV carried in the extended UDL LSP message and uses the second authentication information SUB TLV added to the UDL TLV to authenticate the entire UDL TLV. When both the first network device and the second network device have authentication enabled, if authentication passes, the first network device establishes the neighbor relationship with the second network device.
In the neighbor establishment method disclosed in Example one, when both the first network device and the second network device have authentication enabled, corresponding authentication information is added to the messages they send to each other. The second network device receives, over the first unidirectional link, the HELLO message carrying the first authentication information TLV for authenticating the first network device and authenticates it; when authentication passes, it responds to the HELLO message with the extended UDL LSP message carrying the second authentication information SUB TLV for authenticating the second network device. During the handshake interaction between the first network device and the second network device, the first network device authenticates the received extended UDL LSP message; when the authentication result is that both the first network device and the second network device have authentication enabled and authentication passes, the neighbor relationship between the first network device and the second network device is established.
With the above method disclosed in this example, when both sides have authentication enabled, the extended UDL LSP message carries the second authentication information SUB TLV for authenticating the second network device, and the neighbor relationship between the first network device and the second network device is established after authentication passes. This avoids the case where, with authentication enabled at both ends, the neighbor relationship between the two sides can be established when only one end passes authentication, thereby overcoming the problem of incomplete authentication when neighbors are established between network devices and improving security and reliability when neighbors are established between network devices.
Example two
When the first network device has authentication enabled and the second network device does not, the neighbor establishment process between the first network device and the second network device is as shown in Fig. 8 and mainly comprises the following steps:
Step S501: the first network device sends to the second network device, over the first unidirectional link, a HELLO message carrying the first authentication information TLV for authenticating the first network device;
Step S502: the second network device receives, over the first unidirectional link, the HELLO message carrying the first authentication information TLV for authenticating the first network device, and sends a UDL LSP message to the first network device over the second unidirectional link; the UDL LSP message does not carry the second authentication information for authenticating the second network device;
In step S502, because the second network device does not have authentication enabled, when it responds to the HELLO message sent by the first network device that carries the first authentication information TLV for authenticating the first network device, it does not add the second authentication information SUB-TLV for authenticating the second network device to the UDL TLV and does not extend the UDL LSP message. That is, the UDL LSP message at this point contains no second authentication information SUB TLV for authenticating the second network device.
Step S503: the first network device receives, over the second unidirectional link, the UDL LSP message that does not carry the second authentication information SUB TLV for authenticating the second network device and authenticates it; when it does not detect that the UDL LSP message carries the second authentication information for authenticating the second network device, it does not establish the neighbor relationship with the second network device.
During execution of step S503, the first network device receives the UDL LSP message over the second unidirectional link. During authentication it confirms that the UDL TLV carried in the UDL LSP message contains no second authentication information SUB TLV for authenticating the second network device, that is, it considers that the UDL LSP message contains no second authentication information SUB TLV for authenticating the second network device. To guarantee security, the first network device does not establish the neighbor relationship with the second network device in this case.
In this example disclosed by the present invention, during the handshake interaction between the first network device and the second network device, the first network device authenticates the received UDL LSP message that responds to the HELLO message. When it confirms that the second network device does not have authentication enabled, then, to guarantee the security of the network, the first network device does not establish the neighbor relationship with the second network device. This ensures that the neighbor relationship between the two sides is not established when only one end has authentication enabled, thereby overcoming the problem of incomplete authentication when neighbors are established between network devices and improving security and reliability when neighbors are established between network devices.
Example three
In the case where the first network equipment has not enabled authentication and the second network equipment has enabled authentication, neighbor establishment between the first network equipment and the second network equipment is as shown in Figure 9 and mainly comprises the following steps:
Step S601: the first network equipment sends to the second network equipment, over the first one-way link, a HELLO message that does not carry the first authentication information TLV for authenticating the first network equipment.
While step S601 is performed, because the first network equipment has not enabled authentication, the HELLO message it sends to the second network equipment over the first one-way link does not carry the first authentication information TLV for authenticating the first network equipment.
Step S602: the second network equipment receives, over the first one-way link, the HELLO message sent by the first network equipment that does not carry the first authentication information TLV for authenticating the first network equipment, and authenticates it; when the first authentication information TLV cannot be extracted, it confirms that authentication has not passed, discards the HELLO message that does not carry the first authentication information TLV for authenticating the first network equipment, and does not establish a neighbor relationship with the first network equipment.
While step S602 is performed, the HELLO message that the second network equipment receives over the first one-way link does not carry the first authentication information TLV for authenticating the first network equipment. The second network equipment authenticates the message; because the first authentication information TLV cannot be extracted, authentication fails and it confirms that authentication has not passed. Because the second network equipment has enabled authentication, it now knows that one end has not enabled authentication while the other end has, so the neighbor relationship cannot be established. The second network equipment therefore discards the HELLO message that does not carry the first authentication information TLV for authenticating the first network equipment and does not establish a neighbor relationship with the first network equipment.
Example four
In the case where neither the first network equipment nor the second network equipment has enabled authentication, the neighbor establishment process between the first network equipment and the second network equipment is as follows. Because the first network equipment has not enabled authentication, it sends to the second network equipment, over the first one-way link, a HELLO message that does not carry the first authentication information TLV for authenticating the first network equipment. Because the second network equipment has not enabled authentication, it receives over the first one-way link the HELLO message that does not carry the first authentication information TLV for authenticating the first network equipment, and answers the HELLO message over the second one-way link with a UDL LSP message that does not carry the second authentication information SUB TLV for authenticating the second network equipment. After the first network equipment receives, over the second one-way link, the UDL LSP message that does not carry the second authentication information SUB TLV for authenticating the second network equipment, the neighbor relationship between the first network equipment and the second network equipment is established.
This example of the invention covers the case where neither the first network equipment nor the second network equipment has enabled authentication. Because no authentication is involved, the two ends can establish a neighbor relationship.
The neighbor establishment method disclosed in the above embodiments and examples of the invention specifies the behavior of the two neighbors when they enter the one-way link (UDL) scenario. In the case where both the first network equipment and the second network equipment have enabled authentication, corresponding authentication information is added to the messages they send each other: the first network equipment sends to the second network equipment, over the first one-way link, a HELLO message carrying the first authentication information TLV for authenticating the first network equipment, and the second network equipment sends to the first network equipment, over the second one-way link, an extended UDL LSP message carrying the second authentication information SUB-TLV for authenticating the second network equipment. During the handshake between the first network equipment and the second network equipment, the first network equipment authenticates the extended UDL LSP message after receiving it; when the authentication result is that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed, the neighbor relationship between the first network equipment and the second network equipment is established.
The method disclosed in the embodiments of the invention avoids the situation in which, with authentication enabled at both ends, a two-way neighbor relationship can still be established when authentication passes at only one end. It thereby overcomes the problem of incomplete authentication when neighbors are established between network equipment and improves security and reliability when network equipment establishes neighbors.
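The cases described in the examples above (both ends enabled, only the first enabled, only the second enabled, neither enabled) can be checked with a small simulation. This is an added example, not code from the patent: the type codes, the 7-byte Neighbor LAN ID width, the HMAC-SHA256 authentication value, and the reuse of one encoding for both the HELLO TLV and the UDL LSP SUB-TLV are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Assumed wire values: the page names the fields but not their codes or widths.
AUTH_TLV_TYPE = 0xF0         # hypothetical type code
AUTH_TYPE_HMAC_SHA256 = 1    # hypothetical Authentication Type code
LAN_ID_LEN = 7               # assumed Neighbor LAN ID width in bytes


class Outcome(Enum):
    ESTABLISHED_AUTHENTICATED = "both ends authenticated, neighbor established"
    ESTABLISHED_NO_AUTH = "neither end uses authentication, neighbor established"
    HELLO_DISCARDED = "second equipment discarded the HELLO"
    LSP_REJECTED = "first equipment rejected the UDL LSP"


@dataclass
class Equipment:
    system_id: bytes
    key: Optional[bytes] = None   # None: authentication not enabled


def _auth_value(key: bytes, sender_id: bytes) -> bytes:
    # Assumed scheme: HMAC-SHA256 over the sender's system ID with a shared key.
    return hmac.new(key, sender_id, hashlib.sha256).digest()


def encode_auth_tlv(sender: Equipment, lan_id: bytes) -> Optional[bytes]:
    """Type | Length | Neighbor LAN ID | Authentication Type | Authentication Value."""
    if sender.key is None:
        return None               # sender has not enabled authentication: no TLV
    if len(lan_id) != LAN_ID_LEN:
        raise ValueError("Neighbor LAN ID must be 7 bytes in this example")
    value = _auth_value(sender.key, sender.system_id)
    body = lan_id + bytes([AUTH_TYPE_HMAC_SHA256]) + value
    return struct.pack("!BB", AUTH_TLV_TYPE, len(body)) + body


def verify_auth_tlv(raw: Optional[bytes], key: bytes, sender_id: bytes) -> bool:
    """True only when a well-formed TLV is present and its value verifies."""
    if raw is None or len(raw) < 2:
        return False              # nothing to extract: authentication fails
    tlv_type, length = struct.unpack("!BB", raw[:2])
    body = raw[2:]
    if tlv_type != AUTH_TLV_TYPE or length != len(body) or length <= LAN_ID_LEN:
        return False
    auth_type, value = body[LAN_ID_LEN], body[LAN_ID_LEN + 1:]
    if auth_type != AUTH_TYPE_HMAC_SHA256:
        return False
    return hmac.compare_digest(value, _auth_value(key, sender_id))


def handshake(first: Equipment, second: Equipment,
              lan_id: bytes = bytes(LAN_ID_LEN)) -> Outcome:
    # First equipment -> second equipment: HELLO over the first one-way link.
    hello_tlv = encode_auth_tlv(first, lan_id)

    # Second equipment authenticates the HELLO only if it has authentication enabled.
    if second.key is not None and not verify_auth_tlv(
            hello_tlv, second.key, first.system_id):
        return Outcome.HELLO_DISCARDED

    # Second equipment -> first equipment: UDL LSP over the second one-way link.
    lsp_subtlv = encode_auth_tlv(second, lan_id)

    # An enabled first equipment requires a valid SUB-TLV in the reply.
    if first.key is not None:
        if not verify_auth_tlv(lsp_subtlv, first.key, second.system_id):
            return Outcome.LSP_REJECTED
        return Outcome.ESTABLISHED_AUTHENTICATED
    # first.key is None here; an enabled second end would already have
    # discarded the HELLO, so neither end uses authentication.
    return Outcome.ESTABLISHED_NO_AUTH
```

The mismatched-key case returns `HELLO_DISCARDED` as well, because the second equipment cannot verify the value the first equipment computed.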
Based on the neighbor establishment method disclosed in the above embodiments of the invention, the invention correspondingly also discloses network equipment that uses the neighbor establishment method of embodiment one to embodiment three, serving specifically as the first network equipment and the second network equipment, as well as a neighbor establishment system comprising the first network equipment and the second network equipment. The system establishes the neighbor relationship between the first network equipment and the second network equipment based on the neighbor establishment method disclosed in the above embodiments; the detailed process is described in the following embodiments.
Embodiment five
Based on embodiment one of the invention above, this embodiment correspondingly discloses network equipment used as the first network equipment, which mainly includes:
A communication unit, configured to send a HELLO message to the second network equipment over the first one-way link, the HELLO message carrying the first authentication information for authenticating the first network equipment, and to receive over the second one-way link an extended one-way link (UDL) link state packet (LSP) message from the second network equipment. The extended UDL LSP message is used to respond to the HELLO message; in the case where the second network equipment has enabled authentication, the extended UDL LSP message carries the second authentication information for authenticating the second network equipment. The first one-way link is a directly connected link from the first network equipment to the second network equipment, and the second one-way link is a non-directly-connected link from the second network equipment to the first network equipment;
A processor, configured to perform authentication on the extended UDL LSP message and, when the authentication result is that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed, to establish the neighbor relationship between the first network equipment and the second network equipment.
Depending on whether the first network equipment and the second network equipment have enabled authentication, the following cases can be distinguished.
In the case where the communication unit receives the extended UDL LSP message sent by the second network equipment and carrying the second authentication information SUB TLV for authenticating the second network equipment:
The processor is configured to extract the second authentication information SUB TLV for authenticating the second network equipment carried in the extended UDL LSP message and perform authentication; when the authentication is valid, it obtains the authentication result that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed.
In the case where the communication unit receives, over the second one-way link, a one-way link (UDL) link state packet (LSP) message from the second network equipment, the UDL LSP message being used to respond to the HELLO message and not carrying the second authentication information for authenticating the second network equipment:
The processor is configured to perform authentication on the UDL LSP message and, when it does not detect in the UDL LSP message the second authentication information for authenticating the second network equipment, not to establish a neighbor relationship with the second network equipment.
Here, the first one-way link is a directly connected link from the first network equipment to the second network equipment, and the second one-way link is a non-directly-connected link from the second network equipment to the first network equipment.
Based on embodiment two of the invention above, this embodiment correspondingly discloses network equipment used as the second network equipment, which mainly includes:
A communication unit, configured to receive over the first one-way link the HELLO message sent by the first network equipment, the HELLO message carrying the first authentication information for authenticating the first network equipment, the first one-way link being a directly connected link from the first network equipment to the second network equipment;
A second processor, configured, in the case where the second network equipment has enabled authentication, to authenticate the HELLO message carrying the first authentication information for authenticating the first network equipment and, when authentication passes, to send an extended one-way link (UDL) link state packet (LSP) message to the first network equipment over the second one-way link. The extended UDL LSP message is used to respond to the HELLO message and carries the second authentication information for authenticating the second network equipment. The first network equipment performs authentication on the extended UDL LSP message, and in the case where the authentication result is that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed, the neighbor relationship with the first network equipment is established;
The second one-way link is a non-directly-connected link from the second network equipment to the first network equipment.
Depending on whether the first network equipment and the second network equipment have enabled authentication and whether authentication passes, there are the following cases.
In the case where the second network equipment has not enabled authentication, and the communication unit for receiving the HELLO message sent by the first network equipment receives a HELLO message carrying the first authentication information TLV for authenticating the first network equipment:
The processor is configured to send a one-way link (UDL) link state packet (LSP) message to the first network equipment over the second one-way link, where the UDL LSP message does not carry the second authentication information for authenticating the second network equipment. The first network equipment performs authentication on the UDL LSP message, and in the case where the first network equipment does not detect in the UDL LSP message the second authentication information for authenticating the second network equipment, no neighbor relationship with the first network equipment is established.
Where the communication unit for receiving the HELLO message sent by the first network equipment receives a HELLO message carrying the first authentication information TLV for authenticating the first network equipment, the processor that authenticates the HELLO message, in the case where the first network equipment has enabled authentication, includes:
The processor is configured to extract the first authentication information from the HELLO message carrying the first authentication information for authenticating the first network equipment, and to authenticate the HELLO message using the first authentication information; when the authentication is valid, it confirms that authentication has passed; when the authentication is invalid, it confirms that authentication has not passed, and no neighbor relationship with the first network equipment is established.
Where the second communication unit for receiving the HELLO message sent by the first network equipment receives a HELLO message that does not carry the first authentication information TLV for authenticating the first network equipment, the processor that authenticates the HELLO message, in the case where the first network equipment has not enabled authentication, further includes:
The processor is configured to authenticate the HELLO message that does not carry the first authentication information for authenticating the first network equipment; when the first authentication information cannot be extracted, it confirms that authentication has not passed and discards the HELLO message.
Where, in the case where the second network equipment has enabled authentication and authentication of the HELLO message passes, the processor sends the extended one-way link (UDL) link state packet (LSP) message to the first network equipment over the second one-way link, the extended UDL LSP message being used to respond to the HELLO message and carrying the second authentication information for authenticating the second network equipment, the processor includes:
The processor is configured to add the second authentication information to the extended UDL LSP message and send the extended UDL LSP message to the first network equipment over the second one-way link; or to add the second authentication information to the extended UDL LSP message in encrypted form and send the extended UDL LSP message to the first network equipment over the second one-way link.
It should be noted that, in embodiment one to embodiment five of the invention disclosed above, the first network equipment sends information to the second network equipment over the first one-way link, and the second network equipment sends information to the first network equipment over the second one-way link. The first one-way link is a directly connected link from the first network equipment to the second network equipment, and the second one-way link is a non-directly-connected link from the second network equipment to the first network equipment.
Embodiment six
The neighbor establishment system disclosed in this embodiment of the invention, as shown in Figure 10, mainly includes: the first network equipment disclosed above (labelled IS-T in Figure 10), the second network equipment (labelled IS-R in Figure 10), and the physical links connecting the first network equipment and the second network equipment. The physical links include the first one-way link directed from the first network equipment to the second network equipment and the second one-way link directed from the second network equipment to the first network equipment. The first one-way link is a directly connected link, and the second one-way link is a non-directly-connected link. The physical links R3, R4 and R5 in Figure 10 constitute the second one-way link directed from the second network equipment to the first network equipment.
The first network equipment is configured to send a HELLO message to the second network equipment over the first one-way link, where whether the HELLO message carries the authentication information TLV for authenticating the first network equipment depends on whether the first network equipment has enabled authentication; and to receive the extended UDL LSP message sent by the second network equipment in response to the HELLO message and authenticate it. When the authentication result is that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed, it establishes the neighbor relationship between the first network equipment and the second network equipment;
The second network equipment is configured, in the case where the second network equipment has enabled authentication, to authenticate the received HELLO message sent by the first network equipment; when authentication passes, to respond to the HELLO message with an extended UDL LSP message that carries the second authentication information SUB-TLV for authenticating the second network equipment; and when authentication does not pass, to discard the HELLO message.
In conclusion, with the neighbor establishment method and system disclosed in the embodiments of the invention, corresponding authentication information is added to the messages that the first network equipment and the second network equipment send each other over the different one-way links, according to whether each has enabled authentication. This avoids the situation in which, with authentication enabled at both ends, a two-way neighbor relationship can still be established when authentication passes at only one end, thereby overcoming the problem of incomplete authentication when neighbors are established between network equipment and improving security and reliability when network equipment establishes neighbors.
The embodiments in this description are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. For the apparatus disclosed in the embodiments, since it corresponds to the method disclosed in the embodiments, the description is relatively brief; for relevant details, see the description of the method. The steps of the method or algorithm described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention.
Various modifications to these embodiments will be apparent for those skilled in the art.
Claims (19)
1. A method for establishing neighbors, characterized in that the method comprises:
First network equipment sends a HELLO message to second network equipment over a first one-way link, the HELLO message carrying first authentication information for authenticating the first network equipment, the first one-way link being a directly connected link from the first network equipment to the second network equipment;
In the case where the second network equipment has enabled authentication, the first network equipment receives, over a second one-way link, an extended one-way link (UDL) link state packet (LSP) message from the second network equipment, the extended UDL LSP message being used to respond to the HELLO message and carrying second authentication information for authenticating the second network equipment, the second one-way link being a non-directly-connected link from the second network equipment to the first network equipment;
The first network equipment performs authentication on the extended UDL LSP message, and when the authentication result is that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed, the first network equipment establishes a neighbor relationship with the second network equipment.
2. The method according to claim 1, characterized in that the first network equipment performing authentication on the extended UDL LSP message comprises:
The first network equipment extracts the second authentication information for authenticating the second network equipment carried in the extended UDL LSP message and performs authentication; when the authentication is valid, it obtains the authentication result that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed.
3. The method according to claim 1, characterized in that, after the first network equipment sends the HELLO message to the second network equipment over the first one-way link, the method further comprises:
In the case where the second network equipment has not enabled authentication, the first network equipment receives, over the second one-way link, a one-way link (UDL) link state packet (LSP) message from the second network equipment, the UDL LSP message being used to respond to the HELLO message and not carrying the second authentication information for authenticating the second network equipment, the second one-way link being a non-directly-connected link from the second network equipment to the first network equipment; the first network equipment performs authentication on the UDL LSP message, and when it does not detect in the UDL LSP message the second authentication information for authenticating the second network equipment, it does not establish a neighbor relationship with the second network equipment.
4. The method according to claim 1 or 2, characterized in that the second authentication information for authenticating the second network equipment comprises: authentication information of a broadcast network or authentication information of a peer-to-peer (P2P) network;
The authentication information of the broadcast network comprises: a Type field for storing the message type (Type), a Length field for storing the message length (Length), an Extended Local Circuit ID field for storing the extended local circuit identifier (Extended Local Circuit ID), an Authentication Type field for storing the authentication type (Authentication Type), and an Authentication Value field for storing the authentication information (Authentication Value);
The format of the authentication information of the P2P network comprises the following fields in order: a Type field for storing the message type (Type), a Length field for storing the message length (Length), a Neighbor LAN ID field for storing the neighbor link identifier (Neighbor LAN ID), an Authentication Type field for storing the authentication type (Authentication Type), and an Authentication Value field for storing the authentication information (Authentication Value).
5. Network equipment, used as first network equipment, characterized by comprising:
A communication unit, configured to send a HELLO message to second network equipment over a first one-way link, the HELLO message carrying first authentication information for authenticating the first network equipment, and, in the case where the second network equipment has enabled authentication, to receive over a second one-way link an extended one-way link (UDL) link state packet (LSP) message from the second network equipment, the extended UDL LSP message being used to respond to the HELLO message and carrying second authentication information for authenticating the second network equipment, the first one-way link being a directly connected link from the first network equipment to the second network equipment, and the second one-way link being a non-directly-connected link from the second network equipment to the first network equipment;
A processor, configured to perform authentication on the extended UDL LSP message and, when the authentication result is that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed, to establish the neighbor relationship between the first network equipment and the second network equipment.
6. The network equipment according to claim 5, characterized in that the processor for performing authentication on the extended UDL LSP message comprises:
The processor, configured to extract the second authentication information for authenticating the second network equipment carried in the extended UDL LSP message and perform authentication; when the authentication is valid, it obtains the authentication result that the first network equipment and the second network equipment have both enabled authentication and the authentication has passed.
7. The network equipment according to claim 5, characterized in that, in the case where the second network equipment has not enabled authentication, it further comprises:
The communication unit, configured to receive over the second one-way link a one-way link (UDL) link state packet (LSP) message from the second network equipment, the UDL LSP message being used to respond to the HELLO message and not carrying the second authentication information for authenticating the second network equipment, the second one-way link being a non-directly-connected link from the second network equipment to the first network equipment;
The processor, configured to perform authentication on the UDL LSP message and, when it does not detect in the UDL LSP message the second authentication information for authenticating the second network equipment, not to establish a neighbor relationship with the second network equipment.
8. a kind of method that neighbours establish, which is characterized in that this method comprises:
Second network equipment receives the HELLO message from first network equipment, the HELLO message by the first one way link
Middle the first authentication information carried for authenticating the first network equipment, first one way link are from the first network
Direct connected link of the equipment to second network equipment;
In the case where second network equipment enabled certification, second network equipment is connect by first one way link
It receives the HELLO message and is authenticated, when certification passes through, sent and expanded to the first network equipment by the second one way link
The UDL LSP message of the one way link UDL link state packet LSP message of exhibition, the extension is used for HELLO message described in response,
The UDL LSP message of the extension carries the second authentication information for authenticating second network equipment, by first net
Network equipment executes the certification to the UDL LSP message of the extension, and is the first network equipment and described in authentication result
In the case that second network equipment enables certification and certification passes through, the neighbours established between the first network equipment are closed
System;Second one way link is from second network equipment to the non-straight connected link of the first network equipment.
9. according to the method described in claim 8, it is characterized by further comprising:
In the case where second network equipment is not enabled on certification, second network equipment passes through second one way link
One way link UDL link state packet LSP message is sent to the first network equipment, does not carry use in the UDL LSP message
In the second authentication information for authenticating second network equipment, executed by the first network equipment to the UDL LSP message
Certification, and the first network equipment do not examine in the UDL LSP message carry for authenticating second network
In the case where second authentication information of equipment, the neighborhood between the first network equipment is not established.
10. according to the method described in claim 8, it is characterized in that, in the case where second network equipment enabled certification,
Second network equipment receives the HELLO message by first one way link and is authenticated, comprising:
Second network equipment receives the carrying for authenticating the first network equipment by first one way link
The first authentication information HELLO message, extract first authentication information and the HELLO message authenticated;
When certification be it is legal, confirmation certification passes through;
It is illegal when authenticating, then confirm that certification does not pass through, does not then establish the neighborhood between the first network equipment.
11. according to the method described in claim 8, it is characterized in that, enabling to authenticate in second network equipment, described first
In the case that the network equipment is not enabled on certification, further includes:
Second network equipment is not carried by what the first one way link received that the first network equipment sends for authenticating
The HELLO message of first authentication information of the first network equipment simultaneously authenticates, when not extracting first authentication information,
Confirmation certification does not pass through, abandons the HELLO message.
12. according to the method described in claim 8, it is characterized in that, second one way link that passes through is to the first network
Equipment sends the one way link UDL link state packet LSP message of extension, and the UDL LSP message of the extension is for described in response
HELLO message, the UDL LSP message of the extension carry the second authentication information for authenticating second network equipment, packet
It includes:
Second authentication information is added in the UDL LSP message of the extension by second network equipment, and passes through institute
State the UDL LSP message that the second one way link sends the extension to the first network equipment;
Or, second authentication information is added to the UDL LSP of the extension by second network equipment using cipher mode
In message, and the UDL LSP message of the extension is sent by second one way link to the first network equipment.
13. The method according to any one of claims 8 to 12, characterized in that the second authentication information of the second network equipment comprises: authentication information of a broadcast network or authentication information of a peer-to-peer (P2P) network;
the authentication information of the broadcast network comprises: a Type field for storing the message type (Type), a Length field for storing the message length (Length), an Extended Local Circuit ID field for storing the extended local circuit identifier (Extended Local Circuit ID), an Authentication Type field for storing the authentication type (Authentication Type), and an Authentication Value field for storing the authentication information (Authentication Value);
the format of the authentication information of the P2P network comprises the following fields in order: a Type field for storing the message type (Type), a Length field for storing the message length (Length), a Neighbor LAN ID field for storing the neighbor link identifier (Neighbor LAN ID), an Authentication Type field for storing the authentication type (Authentication Type), and an Authentication Value field for storing the authentication information (Authentication Value).
14. Network equipment, used as second network equipment, characterized by comprising:
a communication unit, configured to receive a HELLO message from first network equipment through a first unidirectional link, where the HELLO message carries first authentication information for authenticating the first network equipment, and the first unidirectional link is a directly connected link from the first network equipment to the second network equipment;
a processor, configured to: in the case that the second network equipment has authentication enabled, authenticate the HELLO message carrying the first authentication information for authenticating the first network equipment; when the authentication passes, send an extended unidirectional link (UDL) link state packet (LSP) message to the first network equipment through a second unidirectional link, where the extended UDL LSP message is used to respond to the HELLO message and carries second authentication information for authenticating the second network equipment, and the authentication of the extended UDL LSP message is performed by the first network equipment; and, in the case that the authentication result is that both the first network equipment and the second network equipment have authentication enabled and the authentication passes, establish a neighbor relationship with the first network equipment; the second unidirectional link is a non-directly connected link from the second network equipment to the first network equipment.
15. The network equipment according to claim 14, characterized in that, in the case that the second network equipment does not have authentication enabled, it further comprises:
the processor, configured to send a unidirectional link (UDL) link state packet (LSP) message to the first network equipment through the second unidirectional link, where the UDL LSP message does not carry the second authentication information for authenticating the second network equipment, and the authentication of the UDL LSP message is performed by the first network equipment; and, in the case that the first network equipment does not detect that the UDL LSP message carries the second authentication information for authenticating the second network equipment, not establish a neighbor relationship with the first network equipment.
16. The network equipment according to claim 14, characterized in that the processor configured to authenticate the HELLO message carrying the first authentication information for authenticating the first network equipment comprises:
the processor, configured to extract the first authentication information from the HELLO message carrying the first authentication information for authenticating the first network equipment, and authenticate the HELLO message using the first authentication information; when the authentication is valid, confirm that the authentication passes; when the authentication is invalid, confirm that the authentication does not pass, and then not establish a neighbor relationship with the first network equipment.
17. The network equipment according to claim 14, characterized in that, in the case that the second network equipment has authentication enabled and the first network equipment does not have authentication enabled, it further comprises:
the communication unit, configured to receive the HELLO message sent by the first network equipment through the first unidirectional link, where the HELLO message does not carry the first authentication information for authenticating the first network equipment, and the first unidirectional link is a directly connected link from the first network equipment to the second network equipment;
the processor, configured to authenticate the HELLO message that does not carry the first authentication information for authenticating the first network equipment, and, when the first authentication information is not extracted, confirm that the authentication does not pass and discard the HELLO message.
18. The network equipment according to claim 14, characterized in that the processor configured to send, through the second unidirectional link to the first network equipment, the extended unidirectional link (UDL) link state packet (LSP) message, where the extended UDL LSP message is used to respond to the HELLO message and carries the second authentication information for authenticating the second network equipment, comprises:
the processor, configured to add the second authentication information to the extended UDL LSP message and send the extended UDL LSP message to the first network equipment through the second unidirectional link; or, add the second authentication information to the extended UDL LSP message in ciphertext mode and send the extended UDL LSP message to the first network equipment through the second unidirectional link.
19. A system for neighbor establishment, characterized in that the system comprises:
the network equipment used as first network equipment according to any one of claims 5 to 7, the network equipment used as second network equipment according to any one of claims 14 to 18, and a physical link connecting the first network equipment and the second network equipment, where the physical link comprises a first unidirectional link from the first network equipment to the second network equipment and a second unidirectional link from the second network equipment to the first network equipment, the first unidirectional link is a directly connected link, and the second unidirectional link is a non-directly connected link.
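The following sketch is an added illustration, not code from the patent: it encodes the first authentication-information format listed in claim 13 (the one carrying an Extended Local Circuit ID) and walks the second device's HELLO handling and the first device's UDL LSP check from claims 14 to 17. The field widths, the field order, the type codes, the function names and the use of HMAC-SHA256 over the message body as the Authentication Value are all assumptions, since the claims give none of them.

```python
import hashlib
import hmac
import struct

# Assumed wire layout (the claims name the fields but give no sizes or codes):
# Type(1) | Length(1) | Extended Local Circuit ID(4) | Authentication Type(1) | Authentication Value(n)
AUTH_TLV_TYPE = 0xF0   # placeholder type code, not taken from the patent
AUTH_TYPE_HMAC = 0x01  # placeholder: Authentication Value = HMAC-SHA256(key, message body)

def build_auth_tlv(circuit_id, key, body):
    value = hmac.new(key, body, hashlib.sha256).digest()
    payload = struct.pack("!IB", circuit_id, AUTH_TYPE_HMAC) + value
    return struct.pack("!BB", AUTH_TLV_TYPE, len(payload)) + payload

def parse_auth_tlv(tlv):
    """Return (circuit_id, auth_type, auth_value), or None if malformed."""
    if len(tlv) < 7 or tlv[0] != AUTH_TLV_TYPE:
        return None
    if len(tlv) != 2 + tlv[1]:  # Length must match the bytes actually present
        return None
    circuit_id, auth_type = struct.unpack("!IB", tlv[2:7])
    return circuit_id, auth_type, tlv[7:]

def verify(body, tlv, key):
    """Classify a message's authentication as 'missing', 'invalid' or 'valid'."""
    parsed = parse_auth_tlv(tlv) if tlv else None
    if parsed is None:
        return "missing"  # absent or unparseable: nothing can be extracted
    _, auth_type, value = parsed
    expected = hmac.new(key, body, hashlib.sha256).digest()
    ok = auth_type == AUTH_TYPE_HMAC and hmac.compare_digest(value, expected)
    return "valid" if ok else "invalid"

def second_device_on_hello(hello_body, hello_tlv, auth_enabled, key, circuit_id, lsp_body):
    """Return (action, auth TLV for the reply or None)."""
    if not auth_enabled:
        return "send_udl_lsp", None       # claim 15: reply carries no auth info
    result = verify(hello_body, hello_tlv, key)
    if result == "missing":
        return "discard_hello", None      # claim 17: nothing to extract
    if result == "invalid":
        return "no_neighbor", None        # claim 16: authentication fails
    # Claim 14: HELLO authenticated, answer with an extended UDL LSP.
    return "send_extended_udl_lsp", build_auth_tlv(circuit_id, key, lsp_body)

def first_device_on_lsp(lsp_body, lsp_tlv, key):
    """First device (authentication enabled) checks the returned UDL LSP."""
    return "neighbor_up" if verify(lsp_body, lsp_tlv, key) == "valid" else "no_neighbor"
```

Only the path where both sides enable authentication and both checks pass ends in `neighbor_up`; a one-sided configuration fails closed on whichever device has authentication enabled.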
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2015/085431 WO2017015899A1 (en) | 2015-07-29 | 2015-07-29 | Neighbor relationship establishment method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107113278A (en) | 2017-08-29 |
CN107113278B (en) | 2019-10-22 |
Family
ID=57886936
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201580062748.7A Active CN107113278B (en) | 2015-07-29 | 2015-07-29 | The method, apparatus and system that neighbours establish |
Country Status (4)
Country | Link |
---|---|
US (1) | US10447549B2 (en) |
EP (1) | EP3319286B1 (en) |
CN (1) | CN107113278B (en) |
WO (1) | WO2017015899A1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019012627A1 (en) * | 2017-07-12 | 2019-01-17 | 日本電気株式会社 | Network control system, method and program |
US11252162B2 (en) * | 2019-04-02 | 2022-02-15 | Ciena Corporation | Enhancement to the IS-IS protocol for eliminating unwanted network traffic |
CN116527408B (en) * | 2023-07-05 | 2023-09-08 | 中国电子科技集团公司第十五研究所 | Authentication management method and application based on friend bus |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7327683B2 (en) * | 2000-03-16 | 2008-02-05 | Sri International | Method and apparatus for disseminating topology information and for discovering new neighboring nodes |
US7386792B1 (en) * | 2001-03-07 | 2008-06-10 | Thomas Layne Bascom | System and method for collecting, storing, managing and providing categorized information related to a document object |
US20030149869A1 (en) * | 2002-02-01 | 2003-08-07 | Paul Gleichauf | Method and system for securely storing and trasmitting data by applying a one-time pad |
US7372859B2 (en) * | 2003-11-19 | 2008-05-13 | Honeywell International Inc. | Self-checking pair on a braided ring network |
US7406032B2 (en) * | 2005-01-06 | 2008-07-29 | At&T Corporation | Bandwidth management for MPLS fast rerouting |
US7499445B2 (en) * | 2005-03-18 | 2009-03-03 | Cisco Technology, Inc. | System and method for routing ISIS traffic through unidirectional links of a computer network |
CN100389571C (en) * | 2005-03-25 | 2008-05-21 | 华为技术有限公司 | Method for detecting chain circuit fault between end-to-end notes in mixed network |
US7957380B2 (en) * | 2005-11-21 | 2011-06-07 | Cisco Technology, Inc. | Support of unidirectional link in IS-IS without IP encapsulation and in presence of unidirectional return path |
US9712486B2 (en) * | 2006-09-25 | 2017-07-18 | Weaved, Inc. | Techniques for the deployment and management of network connected devices |
US7912094B2 (en) * | 2006-12-13 | 2011-03-22 | Honeywell International Inc. | Self-checking pair-based master/follower clock synchronization |
US7778159B2 (en) * | 2007-09-27 | 2010-08-17 | Honeywell International Inc. | High-integrity self-test in a network having a braided-ring topology |
CN101426004A (en) * | 2007-10-29 | 2009-05-06 | 华为技术有限公司 | Three layer conversation access method, system and equipment |
US8289879B2 (en) * | 2008-02-07 | 2012-10-16 | Ciena Corporation | Methods and systems for preventing the misconfiguration of optical networks using a network management system |
CN101431471A (en) * | 2008-12-17 | 2009-05-13 | 华为技术有限公司 | LSP packet transmission method, equipment and system |
CN102136928B (en) * | 2010-07-02 | 2013-10-09 | 华为技术有限公司 | Topology discovery method and device |
CN102480429A (en) * | 2010-11-26 | 2012-05-30 | 华为数字技术有限公司 | Message processing method, apparatus thereof and system thereof |
CN103095563A (en) * | 2011-11-01 | 2013-05-08 | 中兴通讯股份有限公司 | Message processing method and system |
US10257161B2 (en) * | 2012-05-22 | 2019-04-09 | Cisco Technology, Inc. | Using neighbor discovery to create trust information for other applications |
EP2706705B1 (en) * | 2012-09-07 | 2015-11-04 | Alcatel Lucent | Connectivity checking of a bidirectional circular path in a communication network |
US8711855B1 (en) * | 2012-12-18 | 2014-04-29 | Juniper Networks, Inc. | Topology discovery, control channel establishment, and datapath provisioning within an aggregation network with centralized control |
US9497074B2 (en) * | 2013-04-23 | 2016-11-15 | Telefonaktiebolaget L M Ericsson (Publ) | Packet data unit (PDU) structure for supporting distributed relay control protocol (DRCP) |
US9722919B2 (en) * | 2014-01-22 | 2017-08-01 | Cisco Technology, Inc. | Tying data plane paths to a secure control plane |
US10142444B2 (en) * | 2014-07-01 | 2018-11-27 | Trinity Mobile Networks, Inc. | Methods, devices, and systems for implementing centralized hybrid wireless self-organizing networks |
US9634928B2 (en) * | 2014-09-29 | 2017-04-25 | Juniper Networks, Inc. | Mesh network of simple nodes with centralized control |
EP3206338A1 (en) * | 2016-02-11 | 2017-08-16 | Xieon Networks S.à r.l. | Service-based loss forwarding in communication networks |
2015
- 2015-07-29 EP EP15899251.1A patent/EP3319286B1/en active Active
- 2015-07-29 CN CN201580062748.7A patent/CN107113278B/en active Active
- 2015-07-29 WO PCT/CN2015/085431 patent/WO2017015899A1/en active Application Filing
2018
- 2018-01-29 US US15/881,965 patent/US10447549B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
US20180152355A1 (en) | 2018-05-31 |
US10447549B2 (en) | 2019-10-15 |
CN107113278A (en) | 2017-08-29 |
WO2017015899A1 (en) | 2017-02-02 |
EP3319286A4 (en) | 2018-07-18 |
EP3319286B1 (en) | 2021-03-24 |
EP3319286A1 (en) | 2018-05-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wang et al. | A smart card based efficient and secured multi-server authentication scheme | |
Chen et al. | Lightweight and provably secure user authentication with anonymity for the global mobility network | |
CN107947357B (en) | Power distribution automation data acquisition device and method based on safety access area | |
He et al. | Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks | |
CN103701700B (en) | Node discovery method in a kind of communication network and system | |
Kang et al. | Toward secure energy harvesting cooperative networks | |
CN104426837B (en) | The application layer message filtering method and device of FTP | |
CN105578463B (en) | A kind of method and device of dual link safety communication | |
CN108521662A (en) | A kind of safety satellite crosses the method and system of top switching | |
Udgata et al. | Wireless sensor network security model using zero knowledge protocol | |
Carlos et al. | An updated threat model for security ceremonies | |
CN107277058B (en) | Interface authentication method and system based on BFD protocol | |
CN102638468A (en) | Method, sending end, receiving end and system for protecting information transmission safety | |
CN107113278B (en) | The method, apparatus and system that neighbours establish | |
Misra et al. | Introduction to IoT | |
Shukla et al. | A bit commitment signcryption protocol for wireless transport layer security (wtls) | |
CN110198297A (en) | Data on flows monitoring method, device, electronic equipment and computer-readable medium | |
CN103647762B (en) | IPv6 Internet of things node identity identifying method based on access path | |
CN106603512B (en) | A kind of authentic authentication method of the Intermediate System-Intermediate System based on SDN framework | |
CN102035645B (en) | Entity authentication method and system for resource limited network | |
Mehra et al. | Codeword Authenticated Key Exchange (CAKE) light weight secure routing protocol for WSN | |
CN105848140B (en) | It can be realized the End-to-End Security method for building up of communication supervision in a kind of 5G network | |
CN101166093A (en) | An authentication method and system | |
CN102480473A (en) | Security information interaction system and method based on frequency shift keying (FSK) | |
CN109150925B (en) | IPoE static authentication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||